UI-Component Sets

FindBugs Bug Detector Report

The following document contains the results of FindBugs Report

FindBugs Version is 1.3.9

Threshold is low

Effort is min

Summary

ClassesBugsErrorsMissing Classes
24717200

Files

ClassBugs
org.apache.myfaces.orchestra.conversation.ConversationManager3
org.apache.myfaces.orchestra.conversation.ConversationRequestParameterProvider1
org.apache.myfaces.orchestra.conversation.CurrentConversationAdvice1
org.apache.myfaces.orchestra.conversation.CurrentConversationInfo2
org.apache.myfaces.orchestra.conversation.jsf.AccessScopePhaseListener1
org.apache.myfaces.orchestra.conversation.spring.AbstractSpringOrchestraScope1
org.apache.myfaces.orchestra.conversation.spring.AbstractSpringOrchestraScope$11
org.apache.myfaces.orchestra.conversation.spring.JpaPersistenceContextFactory1
org.apache.myfaces.orchestra.conversation.spring.OrchestraAdvisorBeanPostProcessor3
org.apache.myfaces.orchestra.conversation.spring.ScopedBeanTargetSource3
org.apache.myfaces.orchestra.conversation.spring.SimpleAdvisor2
org.apache.myfaces.orchestra.lib._ReentrantLock1
org.apache.myfaces.orchestra.lib.jsf.ExternalContextUtils2
org.apache.myfaces.orchestra.requestParameterProvider.RequestParameterProviderManager4
org.apache.myfaces.orchestra.urlParamNav.UrlParameterViewHandler2
org.apache.myfaces.orchestra.viewController.AbstractAnnotationsViewControllerManager1
org.apache.myfaces.orchestra.viewController.jsf.ViewControllerPhaseListener2
org.apache.myfaces.shared_orchestra.renderkit.RendererUtils2
org.apache.myfaces.shared_orchestra.renderkit.RendererUtils$11
org.apache.myfaces.shared_orchestra.renderkit.ViewSequenceUtils2
org.apache.myfaces.shared_orchestra.renderkit.html.HTML48
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlCheckboxRendererBase1
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlFormRendererBase2
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlListboxRendererBase1
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRadioRendererBase3
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRendererUtils6
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlResponseWriterImpl4
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlSecretRendererBase1
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTableRendererBase8
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTextRendererBase1
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTextareaRendererBase1
org.apache.myfaces.shared_orchestra.renderkit.html.util.JavascriptUtils2
org.apache.myfaces.shared_orchestra.test.ClassElementHandler1
org.apache.myfaces.shared_orchestra.util.ExceptionUtils1
org.apache.myfaces.shared_orchestra.util.LocaleUtils1
org.apache.myfaces.shared_orchestra.util.MessageUtils5
org.apache.myfaces.shared_orchestra.util.ParametrizableFacesMessage3
org.apache.myfaces.shared_orchestra.util.StateUtils28
org.apache.myfaces.shared_orchestra.util.StringUtils1
org.apache.myfaces.shared_orchestra.util._Coercions2
org.apache.myfaces.shared_orchestra.util._Constants1
org.apache.myfaces.shared_orchestra.util._PrimitiveObjects12
org.apache.myfaces.shared_orchestra.util.servlet.SourceCodeServlet2
org.apache.myfaces.shared_orchestra.webapp.webxml.WebXmlParser1

org.apache.myfaces.orchestra.conversation.ConversationManager

BugCategoryDetailsLinePriority
Method org.apache.myfaces.orchestra.conversation.ConversationManager.<static initializer>() invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) insteadPERFORMANCEDM_NUMBER_CTOR67Medium
Method org.apache.myfaces.orchestra.conversation.ConversationManager.createNextConversationContextId() invokes inefficient new Long(long) constructor; use Long.valueOf(long) insteadPERFORMANCEDM_NUMBER_CTOR252Medium
Method org.apache.myfaces.orchestra.conversation.ConversationManager.findConversationContextId() invokes inefficient new Long(long) constructor; use Long.valueOf(long) insteadPERFORMANCEDM_NUMBER_CTOR179Medium

org.apache.myfaces.orchestra.conversation.ConversationRequestParameterProvider

BugCategoryDetailsLinePriority
org.apache.myfaces.orchestra.conversation.ConversationRequestParameterProvider.getFields() may expose internal representation by returning ConversationRequestParameterProvider.REQUEST_PARAMETERSMALICIOUS_CODEEI_EXPOSE_REP103Medium

org.apache.myfaces.orchestra.conversation.CurrentConversationAdvice

BugCategoryDetailsLinePriority
org.apache.myfaces.orchestra.conversation.CurrentConversationAdvice is Serializable; consider declaring a serialVersionUIDBAD_PRACTICESE_NO_SERIALVERSIONID64-96Low

org.apache.myfaces.orchestra.conversation.CurrentConversationInfo

BugCategoryDetailsLinePriority
org.apache.myfaces.orchestra.conversation.CurrentConversationInfo is Serializable; consider declaring a serialVersionUIDBAD_PRACTICESE_NO_SERIALVERSIONID56-80Medium
The field org.apache.myfaces.orchestra.conversation.CurrentConversationInfo.conversation is transient but isn't set by deserializationBAD_PRACTICESE_TRANSIENT_FIELD_NOT_RESTOREDNot availableLow

org.apache.myfaces.orchestra.conversation.jsf.AccessScopePhaseListener

BugCategoryDetailsLinePriority
Class org.apache.myfaces.orchestra.conversation.jsf.AccessScopePhaseListener defines non-transient non-serializable instance field logBAD_PRACTICESE_BAD_FIELDNot availableLow

org.apache.myfaces.orchestra.conversation.spring.AbstractSpringOrchestraScope

BugCategoryDetailsLinePriority
org.apache.myfaces.orchestra.conversation.spring.AbstractSpringOrchestraScope.setAdvices(Advice[]) may expose internal representation by storing an externally mutable object into AbstractSpringOrchestraScope.advicesMALICIOUS_CODEEI_EXPOSE_REP2107Medium

org.apache.myfaces.orchestra.conversation.spring.AbstractSpringOrchestraScope$1

BugCategoryDetailsLinePriority
The class org.apache.myfaces.orchestra.conversation.spring.AbstractSpringOrchestraScope$1 could be refactored into a named _static_ inner classPERFORMANCESIC_INNER_SHOULD_BE_STATIC_ANON630-638Low

org.apache.myfaces.orchestra.conversation.spring.JpaPersistenceContextFactory

BugCategoryDetailsLinePriority
JpaPersistenceContextFactory.entityManagerFactory not initialized in constructorSTYLEUWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTORNot availableLow

org.apache.myfaces.orchestra.conversation.spring.OrchestraAdvisorBeanPostProcessor

BugCategoryDetailsLinePriority
Should org.apache.myfaces.orchestra.conversation.spring.OrchestraAdvisorBeanPostProcessor.getAdvicesAndAdvisorsForBean(Class, String, TargetSource) return a zero length array rather than null?STYLEPZLA_PREFER_ZERO_LENGTH_ARRAYS108Low
Class org.apache.myfaces.orchestra.conversation.spring.OrchestraAdvisorBeanPostProcessor defines non-transient non-serializable instance field appContextBAD_PRACTICESE_BAD_FIELDNot availableMedium
Class org.apache.myfaces.orchestra.conversation.spring.OrchestraAdvisorBeanPostProcessor defines non-transient non-serializable instance field logBAD_PRACTICESE_BAD_FIELDNot availableMedium

org.apache.myfaces.orchestra.conversation.spring.ScopedBeanTargetSource

BugCategoryDetailsLinePriority
Class org.apache.myfaces.orchestra.conversation.spring.ScopedBeanTargetSource defines non-transient non-serializable instance field objectFactoryBAD_PRACTICESE_BAD_FIELDNot availableLow
Class org.apache.myfaces.orchestra.conversation.spring.ScopedBeanTargetSource defines non-transient non-serializable instance field scopeBAD_PRACTICESE_BAD_FIELDNot availableLow
org.apache.myfaces.orchestra.conversation.spring.ScopedBeanTargetSource is Serializable; consider declaring a serialVersionUIDBAD_PRACTICESE_NO_SERIALVERSIONID59-76Low

org.apache.myfaces.orchestra.conversation.spring.SimpleAdvisor

BugCategoryDetailsLinePriority
Class org.apache.myfaces.orchestra.conversation.spring.SimpleAdvisor defines non-transient non-serializable instance field adviceBAD_PRACTICESE_BAD_FIELDNot availableLow
org.apache.myfaces.orchestra.conversation.spring.SimpleAdvisor is Serializable; consider declaring a serialVersionUIDBAD_PRACTICESE_NO_SERIALVERSIONID49-65Low

org.apache.myfaces.orchestra.lib._ReentrantLock

BugCategoryDetailsLinePriority
Class org.apache.myfaces.orchestra.lib._ReentrantLock defines non-transient non-serializable instance field logBAD_PRACTICESE_BAD_FIELDNot availableMedium

org.apache.myfaces.orchestra.lib.jsf.ExternalContextUtils

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.orchestra.lib.jsf.ExternalContextUtils.getContentLength(ExternalContext)STYLEREC_CATCH_EXCEPTION73Low
Exception is caught when Exception is not thrown in org.apache.myfaces.orchestra.lib.jsf.ExternalContextUtils.getRequestInputStream(ExternalContext)STYLEREC_CATCH_EXCEPTION104Low

org.apache.myfaces.orchestra.requestParameterProvider.RequestParameterProviderManager

BugCategoryDetailsLinePriority
org.apache.myfaces.orchestra.requestParameterProvider.RequestParameterProviderManager.encodeAndAttachParameters(String) checks to see if result of String.indexOf is positiveSTYLERV_CHECK_FOR_POSITIVE_INDEXOF190Low
Class org.apache.myfaces.orchestra.requestParameterProvider.RequestParameterProviderManager defines non-transient non-serializable instance field LOGBAD_PRACTICESE_BAD_FIELDNot availableMedium
org.apache.myfaces.orchestra.requestParameterProvider.RequestParameterProviderManager is Serializable; consider declaring a serialVersionUIDBAD_PRACTICESE_NO_SERIALVERSIONID53-226Medium
The field org.apache.myfaces.orchestra.requestParameterProvider.RequestParameterProviderManager.providers is transient but isn't set by deserializationBAD_PRACTICESE_TRANSIENT_FIELD_NOT_RESTOREDNot availableLow

org.apache.myfaces.orchestra.urlParamNav.UrlParameterViewHandler

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.orchestra.urlParamNav.UrlParameterViewHandler.calculateCharacterEncoding(FacesContext)STYLEREC_CATCH_EXCEPTION106Low
Exception is caught when Exception is not thrown in org.apache.myfaces.orchestra.urlParamNav.UrlParameterViewHandler.initView(FacesContext)STYLEREC_CATCH_EXCEPTION128Low

org.apache.myfaces.orchestra.viewController.AbstractAnnotationsViewControllerManager

BugCategoryDetailsLinePriority
AbstractAnnotationsViewControllerManager.annotationInfoManager not initialized in constructorSTYLEUWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTORNot availableLow

org.apache.myfaces.orchestra.viewController.jsf.ViewControllerPhaseListener

BugCategoryDetailsLinePriority
Method org.apache.myfaces.orchestra.viewController.jsf.ViewControllerPhaseListener.getState(FacesContext) needlessly instantiates a class that only supplies static methodsBAD_PRACTICEISC_INSTANTIATE_STATIC_CLASS241Low
Class org.apache.myfaces.orchestra.viewController.jsf.ViewControllerPhaseListener defines non-transient non-serializable instance field logBAD_PRACTICESE_BAD_FIELDNot availableLow

org.apache.myfaces.shared_orchestra.renderkit.RendererUtils

BugCategoryDetailsLinePriority
Can't close content since it is always null in org.apache.myfaces.shared_orchestra.renderkit.RendererUtils.loadResourceFile(FacesContext, String)CORRECTNESSNP_CLOSING_NULL912High
Possible null pointer dereference of content in org.apache.myfaces.shared_orchestra.renderkit.RendererUtils.loadResourceFile(FacesContext, String)CORRECTNESSNP_NULL_ON_SOME_PATH931Medium

org.apache.myfaces.shared_orchestra.renderkit.RendererUtils$1

BugCategoryDetailsLinePriority
org.apache.myfaces.shared_orchestra.renderkit.RendererUtils$1 defines equals and uses Object.hashCode()BAD_PRACTICEHE_EQUALS_USE_HASHCODE58-65Medium

org.apache.myfaces.shared_orchestra.renderkit.ViewSequenceUtils

BugCategoryDetailsLinePriority
Method org.apache.myfaces.shared_orchestra.renderkit.ViewSequenceUtils.getViewSequence(FacesContext) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) insteadPERFORMANCEDM_NUMBER_CTOR66Medium
Method org.apache.myfaces.shared_orchestra.renderkit.ViewSequenceUtils.nextViewSequence(FacesContext) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) insteadPERFORMANCEDM_NUMBER_CTOR45Medium

org.apache.myfaces.shared_orchestra.renderkit.html.HTML

BugCategoryDetailsLinePriority
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.ANCHOR_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT199Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT212Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES_WITHOUT_ONCLICK_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT222Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT217Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.BUTTON_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT317Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.BUTTON_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT325Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.BUTTON_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT329Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_FIELD_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT137Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT88Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES_WITHOUT_ONFOCUS should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT96Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES_WITHOUT_ONSELECT_AND_ONCHANGE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT103Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT164Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT179Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT174Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT148Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT156Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONCLICK_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT160Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT184Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT152Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT78Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES_WITHOUT_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT55Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT67Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.FORM_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT233Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.FORM_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT242Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.IMG_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT257Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.IMG_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT270Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.INPUT_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT284Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.INPUT_FILE_UPLOAD_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT412Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.INPUT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT296Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.LABEL_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT340Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.MESSAGE_PASSTHROUGH_ATTRIBUTES_WITHOUT_TITLE_STYLE_AND_STYLE_CLASS should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT429Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.SELECT_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT355Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.SELECT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT361Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.SELECT_TABLE_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT436Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.TABLE_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT373Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.TABLE_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT387Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.TEXTAREA_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT396Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.TEXTAREA_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT406Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.UL_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT440Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.UNIVERSAL_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT124Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.UNIVERSAL_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT116Medium
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_FIELD_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT142Low
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT169Low
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.IMG_PASSTHROUGH_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT274Low
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.INPUT_FILE_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT416Low
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.INPUT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT301Low
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.LABEL_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT347Low
org.apache.myfaces.shared_orchestra.renderkit.html.HTML.UL_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT444Low

org.apache.myfaces.shared_orchestra.renderkit.html.HtmlCheckboxRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.model.SelectItem to javax.faces.model.SelectItemGroup in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlCheckboxRendererBase.renderGroupOrItemCheckbox(FacesContext, UIComponent, SelectItem, boolean, Set, Converter, boolean)STYLEBC_UNCONFIRMED_CAST177Low

org.apache.myfaces.shared_orchestra.renderkit.html.HtmlFormRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIForm in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlFormRendererBase.decode(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST222Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIForm in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlFormRendererBase.encodeBegin(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST98Low

org.apache.myfaces.shared_orchestra.renderkit.html.HtmlListboxRendererBase

BugCategoryDetailsLinePriority
instanceof will always return true in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlListboxRendererBase.encodeEnd(FacesContext, UIComponent), since all javax.faces.component.html.HtmlSelectOneListbox are instances of javax.faces.component.html.HtmlSelectOneListboxSTYLEBC_VACUOUS_INSTANCEOF68Medium

org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRadioRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectOne in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRadioRendererBase.encodeEnd(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST59Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRadioRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST300Low
Unchecked/unconfirmed cast from javax.faces.model.SelectItem to javax.faces.model.SelectItemGroup in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRadioRendererBase.renderGroupOrItemRadio(FacesContext, UIComponent, SelectItem, Object, Converter, boolean)STYLEBC_UNCONFIRMED_CAST165Low

org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRendererUtils

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRendererUtils.findUIOutputConverterFailSafe(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST376Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectMany in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRendererUtils.findUISelectManyConverterFailsafe(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST362Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectMany in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRendererUtils.getSubmittedOrSelectedValuesAsSet(boolean, UIComponent, FacesContext, Converter)STYLEBC_UNCONFIRMED_CAST335Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectOne in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRendererUtils.getSubmittedOrSelectedValuesAsSet(boolean, UIComponent, FacesContext, Converter)STYLEBC_UNCONFIRMED_CAST342Low
org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRendererUtils.DEFAULT_CHAR_ENCODING isn't final but should beMALICIOUS_CODEMS_SHOULD_BE_FINAL1346Low
Method call in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlRendererUtils.renderDisplayValueOnlyForSelects(FacesContext, UIComponent) passes null for nonnull parameter of renderSelectOptionsAsText(FacesContext, UIComponent, Converter, Set, List, boolean)CORRECTNESSNP_NULL_PARAM_DEREF668Medium

org.apache.myfaces.shared_orchestra.renderkit.html.HtmlResponseWriterImpl

BugCategoryDetailsLinePriority
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE117Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE189Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE263Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE359Low

org.apache.myfaces.shared_orchestra.renderkit.html.HtmlSecretRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlSecretRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST106Low

org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTableRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTableRendererBase.encodeBegin(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST105Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTableRendererBase.encodeChildren(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST133Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTableRendererBase.encodeEnd(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST647Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTableRendererBase.encodeInnerHtml(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST216Low
Method org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTableRendererBase.renderColumnFooterCell(FacesContext, ResponseWriter, UIComponent, UIComponent, String, int) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) insteadPERFORMANCEDM_NUMBER_CTOR1031Medium
Method org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTableRendererBase.renderColumnHeaderCell(FacesContext, ResponseWriter, UIComponent, UIComponent, String, int) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) insteadPERFORMANCEDM_NUMBER_CTOR980Medium
Method org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTableRendererBase.renderTableHeaderOrFooterRow(FacesContext, ResponseWriter, UIComponent, UIComponent, String, String, int) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) insteadPERFORMANCEDM_NUMBER_CTOR862Medium
Redundant nullcheck of elemName, which is known to be non-null in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTableRendererBase.renderFacet(FacesContext, ResponseWriter, UIComponent, boolean)STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE731Low

org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTextRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTextRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST191Low

org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTextareaRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_orchestra.renderkit.html.HtmlTextareaRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST92Low

org.apache.myfaces.shared_orchestra.renderkit.html.util.JavascriptUtils

BugCategoryDetailsLinePriority
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE149Low
Switch statement found in org.apache.myfaces.shared_orchestra.renderkit.html.util.JavascriptUtils.encodeString(String) where default case is missingSTYLESF_SWITCH_NO_DEFAULT206-208Low

org.apache.myfaces.shared_orchestra.test.ClassElementHandler

BugCategoryDetailsLinePriority
ClassElementHandler.buffer not initialized in constructorSTYLEUWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTORNot availableLow

org.apache.myfaces.shared_orchestra.util.ExceptionUtils

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_orchestra.util.ExceptionUtils.getExceptions(Throwable)STYLEREC_CATCH_EXCEPTION59Low

org.apache.myfaces.shared_orchestra.util.LocaleUtils

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_orchestra.util.LocaleUtils.converterTagLocaleFromString(String)STYLEREC_CATCH_EXCEPTION136Low

org.apache.myfaces.shared_orchestra.util.MessageUtils

BugCategoryDetailsLinePriority
Method call in org.apache.myfaces.shared_orchestra.util.MessageUtils.getMessageFromBundle(String, String, Object[]) passes null for nonnull parameter of getMessageFromBundle(String, FacesContext, Locale, String, Object[])CORRECTNESSNP_NULL_PARAM_DEREF263Medium
Redundant comparison of non-null value to null in org.apache.myfaces.shared_orchestra.util.MessageUtils.getMessage(String, FacesContext, String, Object[])STYLERCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE588Low
Redundant comparison of non-null value to null in org.apache.myfaces.shared_orchestra.util.MessageUtils.getMessage(FacesContext, String, Object[])STYLERCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE568Low
Redundant nullcheck of message, which is known to be non-null in org.apache.myfaces.shared_orchestra.util.MessageUtils.getMessage(String, FacesContext, String, Object[])STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE591Low
Redundant nullcheck of message, which is known to be non-null in org.apache.myfaces.shared_orchestra.util.MessageUtils.getMessage(FacesContext, String, Object[])STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE571Low

org.apache.myfaces.shared_orchestra.util.ParametrizableFacesMessage

BugCategoryDetailsLinePriority
new org.apache.myfaces.shared_orchestra.util.ParametrizableFacesMessage(String, String, Object[], Locale) may expose internal representation by storing an externally mutable object into ParametrizableFacesMessage._argsMALICIOUS_CODEEI_EXPOSE_REP254Medium
new org.apache.myfaces.shared_orchestra.util.ParametrizableFacesMessage(FacesMessage$Severity, String, String, Object[], Locale) may expose internal representation by storing an externally mutable object into ParametrizableFacesMessage._argsMALICIOUS_CODEEI_EXPOSE_REP263Medium
The field org.apache.myfaces.shared_orchestra.util.ParametrizableFacesMessage._evaluatedArgs is transient but isn't set by deserializationBAD_PRACTICESE_TRANSIENT_FIELD_NOT_RESTOREDNot availableLow

org.apache.myfaces.shared_orchestra.util.StateUtils

BugCategoryDetailsLinePriority
instanceof will always return true in org.apache.myfaces.shared_orchestra.util.StateUtils.getMacSecret(ExternalContext), since all javax.crypto.SecretKey are instances of javax.crypto.SecretKeySTYLEBC_VACUOUS_INSTANCEOF936Medium
instanceof will always return true in org.apache.myfaces.shared_orchestra.util.StateUtils.getSecret(ExternalContext), since all javax.crypto.SecretKey are instances of javax.crypto.SecretKeySTYLEBC_VACUOUS_INSTANCEOF791Medium
Dead store of null to baos in org.apache.myfaces.shared_orchestra.util.StateUtils.compress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL346Low
Dead store of null to gzip in org.apache.myfaces.shared_orchestra.util.StateUtils.compress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL345Low
Dead store of null to bais in org.apache.myfaces.shared_orchestra.util.StateUtils.decompress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL417Low
Dead store of null to baos in org.apache.myfaces.shared_orchestra.util.StateUtils.decompress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL416Low
Dead store of null to gis in org.apache.myfaces.shared_orchestra.util.StateUtils.decompress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL418Low
Dead store of null to outputStream in org.apache.myfaces.shared_orchestra.util.StateUtils.getAsByteArray(Object, ExternalContext)STYLEDLS_DEAD_LOCAL_STORE_OF_NULL274Low
Dead store of null to writer in org.apache.myfaces.shared_orchestra.util.StateUtils.getAsByteArray(Object, ExternalContext)STYLEDLS_DEAD_LOCAL_STORE_OF_NULL273Low
Random object created and used only once in org.apache.myfaces.shared_orchestra.util.StateUtils.findMacSecret(String, String)BAD_PRACTICEDMI_RANDOM_USED_ONLY_ONCE986High
Random object created and used only once in org.apache.myfaces.shared_orchestra.util.StateUtils.findSecret(String, String)BAD_PRACTICEDMI_RANDOM_USED_ONLY_ONCE841High
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE667Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE679Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE645Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE630Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE861Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE874Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE950Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE962Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE805Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE817Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE907Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE762Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE724Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE189Low
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_orchestra.util.StateUtils.decrypt(byte[], ExternalContext)STYLEREC_CATCH_EXCEPTION490Low
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_orchestra.util.StateUtils.encrypt(byte[], ExternalContext)STYLEREC_CATCH_EXCEPTION328Low
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_orchestra.util.StateUtils.getAsObject(byte[], ExternalContext)STYLEREC_CATCH_EXCEPTION552Low

org.apache.myfaces.shared_orchestra.util.StringUtils

BugCategoryDetailsLinePriority
Should org.apache.myfaces.shared_orchestra.util.StringUtils.trim(String[]) return a zero length array rather than null?STYLEPZLA_PREFER_ZERO_LENGTH_ARRAYS685Low

org.apache.myfaces.shared_orchestra.util._Coercions

BugCategoryDetailsLinePriority
Method org.apache.myfaces.shared_orchestra.util._Coercions.<static initializer>() invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) insteadPERFORMANCEDM_NUMBER_CTOR289Medium
Method org.apache.myfaces.shared_orchestra.util._Coercions.coerceToPrimitiveNumber(Object, Class) invokes inefficient new Short(short) constructor; use Short.valueOf(short) insteadPERFORMANCEDM_NUMBER_CTOR391Medium

org.apache.myfaces.shared_orchestra.util._Constants

BugCategoryDetailsLinePriority
Redundant nullcheck of ret, which is known to be non-null in org.apache.myfaces.shared_orchestra.util._Constants.getStringResource(String)STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE185Low

org.apache.myfaces.shared_orchestra.util._PrimitiveObjects

BugCategoryDetailsLinePriority
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.getDouble(double) invokes inefficient Double.valueOf(double) constructor; use _PrimitiveObjects.java:[line 140] insteadPERFORMANCEDM_FP_NUMBER_CTOR140Low
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.getFloat(float) invokes inefficient Float.valueOf(float) constructor; use _PrimitiveObjects.java:[line 134] insteadPERFORMANCEDM_FP_NUMBER_CTOR134Low
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.createBytes() invokes inefficient new Byte(byte) constructor; use Byte.valueOf(byte) insteadPERFORMANCEDM_NUMBER_CTOR191Medium
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.createCharacters() invokes inefficient new Character(char) constructor; use Character.valueOf(char) insteadPERFORMANCEDM_NUMBER_CTOR203Medium
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.createIntegers() invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) insteadPERFORMANCEDM_NUMBER_CTOR227Medium
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.createLongs() invokes inefficient new Long(long) constructor; use Long.valueOf(long) insteadPERFORMANCEDM_NUMBER_CTOR239Medium
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.createShorts() invokes inefficient new Short(short) constructor; use Short.valueOf(short) insteadPERFORMANCEDM_NUMBER_CTOR215Medium
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.getByte(byte) invokes inefficient new Byte(byte) constructor; use Byte.valueOf(byte) insteadPERFORMANCEDM_NUMBER_CTOR79Medium
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.getCharacter(char) invokes inefficient new Character(char) constructor; use Character.valueOf(char) insteadPERFORMANCEDM_NUMBER_CTOR91Medium
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.getInteger(int) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) insteadPERFORMANCEDM_NUMBER_CTOR115Medium
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.getLong(long) invokes inefficient new Long(long) constructor; use Long.valueOf(long) insteadPERFORMANCEDM_NUMBER_CTOR127Medium
Method org.apache.myfaces.shared_orchestra.util._PrimitiveObjects.getShort(short) invokes inefficient new Short(short) constructor; use Short.valueOf(short) insteadPERFORMANCEDM_NUMBER_CTOR103Medium

org.apache.myfaces.shared_orchestra.util.servlet.SourceCodeServlet

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_orchestra.util.servlet.SourceCodeServlet.doGet(HttpServletRequest, HttpServletResponse)STYLEREC_CATCH_EXCEPTION87Low
org.apache.myfaces.shared_orchestra.util.servlet.SourceCodeServlet is Serializable; consider declaring a serialVersionUIDBAD_PRACTICESE_NO_SERIALVERSIONID26-121Low

org.apache.myfaces.shared_orchestra.webapp.webxml.WebXmlParser

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_orchestra.webapp.webxml.WebXmlParser.parse()STYLEREC_CATCH_EXCEPTION112Low